that concludes " It appears that the overall quality of code, and more importantly, the amount of QA, on various browsers touted as "secure", is not up to par with MSIE; the type of a test I performed requires no human interaction and involves nearly no effort. Only MSIE appears to be able to consistently handle \[*\] malformed input well, suggesting this is the only program that underwent rudimentary security QA testing with a similar fuzz utility."

Discuss this Article 3

Anonymous User (not verified)

on Sep 7, 2005

http://www.securityfocus.com/archive/1/379207
"(...)although it did take a longer
while for it to give up - three hours - (impressive by comparison to
competitors), it eventually did:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer
dereference, so merely a DoS condition, but still an evident flaw in
basic HTML parsing.
******************************************************************
* This means that VIRTUALLY EVERY BROWSER IN USE TODAY is unable *
* to securely render HTML. Keeping in mind that not only web *
* browsing, but also integrated e-mail is at risk, it is a grim *
* thought. *
******************************************************************